Knowledge Base

Legacy X500 email address displayed when replying to a migrated email message

Problem:

You’ve completed an email migration from Exchange Server to Microsoft 365 (Office 365). Now, when you reply to a migrated email message, you see internal recipient addresses in the legacy X500 format instead of SMTP. When sending the reply, your email is not delivered, and you get a Non-Delivery Report (NDR).

Solution:

Such a behavior indicates that the legacy X500 addresses are missing after migration and need to be added to recipients’ Exchange Online mailboxes as aliases. This can be done in two ways, depending on whether you’ve decommissioned or not your source on-premises Exchange environment:

Tip

For a quick fix, an end user experiencing the problem can manually replace an X500 address with an address in the SMTP format in the To field.

You can access your source email server

Here, you’ve got two methods to choose from:

I need to assign many X500 addresses as aliases

This method is fully automated and based 100% on PowerShell scripts. It’s recommended if you need to assign X500 addresses to multiple Exchange Online users.

Important

The scripts below assume that an email alias for each of your users is the same in the source and target environments. If aliases differ, it’s most convenient to use a different property for identifying users that’s the same in both environments.

  1. On a client machine, connect to your source on-premises email server with Windows PowerShell, as shown here.
  2. Execute the following script line by line to collect and export X500 addresses together with aliases (that identify users) to a CSV file:
    $users = Get-Mailbox -ResultSize unlimited | Select-Object -Property Alias,LegacyExchangeDN <# Gets a list of all mailboxes and saves their alias and LegacyExchangeDN into the array $users #>
    $users | foreach{$_.LegacyExchangeDN = "x500:"+$_.LegacyExchangeDN} <# Changes the LegacyExchangeDN parameter into a usable X500 address #>
    $users | Export-Csv -Path C:\onpremusers.csv -NoTypeInformation -Encoding UTF8 <# Exports the array to a CSV file #>
    
  1. Once your CSV file is ready, disconnect from Exchange on-premises by using this command:
    Remove-PSSession $Session
  1. Next, connect to your target environment (Exchange Online) by following these steps.
  2. Run the following script line by line:
    $onpremusers = Import-Csv -Path C:\onpremusers.csv <# Imports the CSV file to the $onpremusers array #>
    $onpremusers | foreach{Get-Mailbox $_.alias} <# Tests if you can successfully get mailboxes, based on the alias parameter from the export file. If you get any errors at this point, you need to see if the on-premises aliases correspond to the Exchange Online aliases. #>
    $onpremusers | foreach{Set-Mailbox -Identity $_.alias -EmailAddresses @{Add= $_.LegacyExchangeDN}} <# Adds the correct X500 addresses as aliases to Exchange Online mailboxes #>
    
  1. Disconnect from Exchange Online using this cmdlet:
    Disconnect-ExchangeOnline
  1. Wait some time for the changes to propagate.

Now, a legacy X500 address from the source on-premises server should be assigned to each Exchange Online user you included in the CSV file, and your users should be able to successfully reply to emails migrated from your source server.

I need to assign just a few X500 addresses as aliases

  1. Sign in to your source email server.
  2. Run the Exchange Management Shell.
  3. Execute the following script to list the values for the LegacyExchangeDN property for all users and export them to a CSV file:
    Get-Mailbox -ResultSize unlimited | Select-Object -Property LegacyExchangeDN | Export-Csv -Path C:\export.csv -NoTypeInformation -Encoding UTF8
  1. Next, open the CSV file (C:\export.csv), sign in to the Exchange admin center (EAC) of your target Exchange Online environment, and proceed as follows:
    1. Go to Recipients > Mailboxes.
    2. Select a user/recipient without the X500 address on the list. In the pane that opens, on the General tab, click the Manage email address types link (Fig. 1.).

Accessing the email address settings in EAC.
Fig. 1. Accessing the email address settings in EAC.

  1. Click Add email address type.
  2. Select the option to define a custom address type, enter X500 in the box next to it, copy the LegacyExchangeDN property for that user from the CSV file, and click OK to add the X500 address (Fig. 2.).

Setting the X500 address as an alias in the Exchange admin center.
Fig. 2. Setting the X500 address as an alias in the Exchange admin center.

Tip

To identify each user, use the alias shown at the end of each Legacy ExchangeDN attribute’s value listed in the CSV file (Fig. 3.).

Identifying a user by the Alias value at the end of each line in the CSV file.
Fig. 3. Identifying a user by the Alias value at the end of each line in the CSV file.

  1. Repeat steps b-d for each affected user.

You cannot access your source email server anymore

If you cannot get X500 addresses from your source environment (e.g. because you’ve decommissioned it), the only way to obtain them is from Non-Delivery Reports (NDR) generated when your users send internal emails.

  1. Sign in to the Exchange admin center and go to Mail flow > Message trace.
  2. Use one of the default queries or create a custom one to collect information about emails sent in a given period of time.
  3. Locate an email that produced an NDR. In the pane with details of the undelivered email, locate a string that begins with IMCEAEX-_o and ends with an email address, for example:
    IMCEAEX-_o=contoso_ou=Exchange+20Administrative+20Group+20+28FADIBOSD23SPDLT+29_cn=Recipients_cn=2348ac5234bfec72349-alias@contoso.com
  1. Run Windows PowerShell from Windows Start menu and connect to Exchange Online, as shown here.
  2. Execute the following cmdlet:
    "<string_beginning_with_IMCEAEX>" | %{
    $_ -replace "(mailto:)?IMCEAEX-","x500:" -replace "_","/" -replace "%3D","=" -replace "\+20"," " -replace "\+28","(" -replace "\+29",")" -replace "<your_email_domain>$",$null } <# Converts the string from an NDR message to a usable X500 address #>
    

    replacing <string_beginning_with_IMCEAEX> with the actual string you found in step 3, and <your_email_domain> with your company's email domain (shown at the end of the string from step 3) that additionally includes the escape character (\) before each full-stop, e.g. @contoso\.com or @contoso\.co\.uk, etc.

  3. You’ll get a clean X500 address, like the following one:
    x500:/o=contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=2348ac5234bfec72349-alias

    Copy the address and take note of the alias part that indicates the Exchange Online user for whom you need to assign the X500 address in the next step.

  4. Run the following command to assign the X500 address to the Exchange Online user who failed to receive an email message:
    Set-Mailbox -Identity "<recipient_user_alias>" -EmailAddresses @{Add = "<X500_address>"} <# Adds the <X500_address> to the <recipient_user_alias> #>

    replacing <recipient_user_alias> with the alias value from step 6, and <X500_address> with the entire X500 address you obtained in step 6. 

  5. You need to repeat steps 1-7 for each Exchange Online user that fails to receive an internally sent email because of a missing X500 address.
Was this information useful?